Privacy Policy

Privacy Policy of Masaha Al-Taqniyat for Information Technology Company (SpotMe)

1. Introduction

This Privacy Policy ("Policy") is issued by Masaha Al-Taqniyat for Information Technology Company, a single-person company registered under the Saudi Companies Law with commercial registration number (7036226160 - 1010937845), headquartered in Riyadh, Kingdom of Saudi Arabia ("Company", "we", "SpotMe"). This Policy applies to all interactions with our services, including the website (spotme.sa), the mobile application, and the administrative control panel ("Platform"). By using the Platform, whether as a regular user, an administrator (admin) with special permissions, or a partner, you agree to this Policy. Non-acceptance requires immediate cessation of use, with account cancellation via written request to info@spotme.sa within 7 days, and any prepaid fees are non-refundable except by the Company's sole discretion.

2. Information Collection

2.1. We collect various types of data from and about our users, including:

2.1.1. Personal Data: Such as your full name, email address, postal address, phone number, and any other information that can be used to identify you, including date of birth, gender, and other demographic data.

2.1.2. Usage Data: Data about how you use our services, including your IP address, browser type, device information (including unique device identifiers), pages visited, time spent on pages, and clickstream data. We may also collect your geolocation data if you enable location services on your device.

2.1.3. Cookies and Similar Technologies: We use cookies, pixel tags, web beacons, and similar technologies to collect information about your activities on our services and across multiple sites and applications for advertising and analytics purposes.

2.1.4. Third-Party Information: Information we obtain from third parties, such as social media platforms (e.g., Facebook, X), advertising networks (e.g., Google Ads), or data aggregators. This may include your social media profiles, advertising IDs, and other data collected by these third parties.

2.1.5. Sensitive Information: In some cases, we may collect sensitive information, such as health data, financial information, or event data, but only with your explicit consent or as required by law.

2.1.6. Voluntary Information: Any information you voluntarily provide to us, such as through forms, surveys, or direct communications, including comments, testimonials, or any other content you submit to us.

2.2. We may also collect any other information you voluntarily provide, such as through feedback forms, customer surveys, or direct communications, including comments, testimonials, or any other content submitted to us for operational or marketing purposes.

3. Use of Your Information

3.1. We use the information we collect for various purposes, including but not limited to:

3.1.1. Providing, maintaining, and improving our services, including customizing your experience and delivering relevant content and advertisements based on your interests.

3.1.2. Processing transactions and fulfilling orders, such as handling payments and shipping products.

3.1.3. Sending marketing communications, including promotional emails, text messages, and advertisements across various channels and platforms.

3.1.4. Analyzing and understanding how our services are used, including conducting research and analytics to improve our products and services.

3.1.5. Complying with legal and regulatory requirements, such as tax laws, accounting standards, and data protection laws.

3.1.6. Protecting our rights and property, including enforcing our agreements, policies, and terms of service, and preventing fraud or illegal activities.

3.1.7. Any other purpose not prohibited by law or this Policy, including product development, customer support, and internal operations.

3.1.8. Creating aggregated or de-identified data sets for research, analytics, or business purposes, which do not identify you individually.

3.2. We may also use your information to generate anonymized or aggregated datasets for research, analytics, or business purposes, which are stripped of personally identifiable information and may be shared with third parties without your consent, provided such sharing complies with applicable laws and does not enable identification of your individual identity.

4. Sharing Your Information

4.1. We may share your information with:

4.1.1. Service Providers: Third parties who perform services on our behalf, such as hosting, data analytics, email delivery, customer support, payment processing, and fraud detection. These providers are contractually obligated to use your information only for the purposes specified by us and to maintain its confidentiality, with such obligations enforceable under Saudi law and international contracts, and we retain the right to audit their compliance periodically without prior notice.

4.1.2. Partners: Companies with which we partner to offer products or services that may be of interest to you. This may include joint marketing, co-branded services, or other collaborative efforts where your information is shared to facilitate these activities, with your consent explicitly obtained via an opt-in mechanism, and such sharing may extend to data analytics for market research purposes, subject to our sole discretion and applicable legal frameworks.

4.1.3. Legal and Regulatory Entities: As required by law or in response to legal processes, such as court orders, government agency requests, or to comply with laws and regulations, including but not limited to tax authorities, law enforcement agencies, and regulatory bodies, with the Company reserving the right to disclose information without your consent if mandated by a judicial or administrative order from a competent Saudi authority, and such disclosures may include personal data, usage data, and sensitive information if legally required, without liability for any resulting harm.

4.1.4. Successors and Assigns: In connection with any merger, acquisition, or sale of all or part of our assets or business, your information may be transferred to the successor or assignee, with such transfer governed by the terms of this Policy and applicable Saudi laws, and you irrevocably consent to such transfer without further notice, with the Company not liable for any changes in data handling by the successor unless explicitly stated in a subsequent agreement.

4.1.5. Any Other Party: With your consent or as otherwise permitted by law. This may include sharing your information for research, charitable, or other initiatives where you have explicitly agreed to such sharing via an opt-in checkbox during registration or subsequent interactions, and such sharing may involve sensitive data if you provide explicit consent, with the Company retaining discretion to determine the scope and manner of sharing, and no liability for any misuse by the recipient unless proven by judicial order.

4.1.6. We may also share aggregated or de-identified information with third parties for any purpose, where such information does not identify you individually, and such sharing may include statistical data for market analysis, industry reports, or academic research, with no obligation to notify you or obtain consent, provided it complies with Saudi data protection laws and does not enable re-identification of your personal data.

5. Your Rights

5.1. Depending on applicable laws, you may have certain rights regarding your personal information. These rights may include:

5.1.1. The right to access your personal information that we hold, subject to our verification of your identity via OTP sent to your registered mobile or email, with a response provided within 30 days of receipt, and we may charge a reasonable fee for multiple requests within a 12-month period as permitted by law.

5.1.2. The right to correct any inaccuracies in your personal information, with corrections processed within 15 days upon verification, and we may require additional documentation to confirm accuracy, with no liability for delays due to your failure to provide such documentation.

5.1.3. The right to request deletion of your personal information, subject to certain exceptions such as legal retention obligations, with deletion completed within 30 days unless a dispute or judicial order requires retention, and we may retain usage logs for audit purposes per Saudi law, with no refund for prepaid fees upon deletion.

5.1.4. The right to restrict or object to the processing of your personal information for certain purposes, such as direct marketing, with restrictions applied within 15 days upon request, but we may continue processing for legal compliance or contract enforcement, and objections may be overridden if we demonstrate compelling legitimate grounds, with no liability for continued processing under such circumstances.

5.2. To exercise these rights, please contact us at info@spotme.sa or +966 533227767. We will respond to your request in accordance with applicable law and our internal policies, which may include identity verification via OTP, and we reserve the right to reject requests that are manifestly unfounded, excessive, or repetitive, with no obligation to provide detailed justification for rejection unless mandated by a judicial order.

5.3. Please note that these rights may be subject to certain restrictions and exceptions under applicable law, and we may not always be able to fully or immediately comply with your request. For example, we may need to retain certain information for legal or business purposes, such as fraud prevention or tax compliance, or we may require additional verification of your identity before processing your request, and any failure to comply with our verification process may result in rejection of your request without further notice, with records stored for audit in Alibaba Cloud-hosted databases per our discretion.

6. Data Security

6.1. We take reasonable steps to protect your information from unauthorized access, use, or disclosure. These steps include:

6.1.1. Implementing appropriate technical and organizational security measures, such as encryption using AES-256 for data at rest, TLS 1.3 for data in transit, firewalls, and access controls, with periodic penetration testing conducted by third-party security firms at our discretion, and we may employ multi-factor authentication (MFA) for admin access to enhance security, with no liability for breaches due to User or Partner negligence in maintaining secure credentials.

6.1.2. Regularly reviewing and updating our security practices to address emerging threats and vulnerabilities, such as applying security patches for newly discovered Common Vulnerabilities and Exposures (CVEs) within 72 hours of notification, conducting annual security audits by certified auditors, and implementing incident response plans for data breaches, with no obligation to notify Users or Partners of every update unless legally required, and we retain discretion to determine the scope of these updates.

6.1.3. Training our employees and contractors on best practices for data privacy and security, including mandatory annual training on Saudi Personal Data Protection Law, with signed confidentiality agreements enforceable under Saudi law, and we may terminate contracts with non-compliant contractors without notice, with no liability for breaches caused by third-party contractor negligence, provided we have taken reasonable steps to ensure compliance.

6.2. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee the absolute security of your information against all possible threats, including but not limited to advanced persistent threats (APTs), zero-day exploits, or state-sponsored cyberattacks. You are responsible for maintaining the secrecy of any passwords or other security credentials associated with your account, and you are liable for any activities that occur under your account, including unauthorized access due to shared credentials, weak passwords (e.g., "12345678"), or use of unsecured public Wi-Fi networks without VPN, with no recourse against the Company for such incidents unless proven by judicial order to be due to our gross negligence.

6.3. In the event of a data breach or unauthorized access to your information, we will notify you as required by law, specifically within 72 hours under the Saudi Personal Data Protection Law, and take appropriate steps to mitigate any potential harm, such as isolating affected systems, notifying affected parties via email or SMS, and cooperating with regulatory authorities like SDAIA, but we disclaim liability for any resulting damages unless proven by judicial order to be due to our willful misconduct, with records of breaches stored for audit in Alibaba Cloud-hosted databases, and you waive any right to claim compensation for indirect or consequential damages like loss of business opportunities.

7. Changes to This Policy

7.1. We may update this Policy from time to time to reflect changes in our practices, applicable laws, or for other business reasons, such as aligning with new Saudi data protection regulations, responding to market demands, or enhancing operational efficiency. Any changes will be posted on this page, and the date of the last update will be indicated at the top of the Policy, with continued use of our services after any changes constituting your acceptance of the updated Policy, and we retain the right to implement changes without prior notice in urgent cases mandated by law, with no liability for impacts on your usage.

7.2. We may send an electronic notice to your registered email address to inform you of changes, but failure to receive this notice does not exempt you from complying with the updated 

Policy if you continue to use our services, and posting the updated Policy on our website (spotme.sa/privacy) is considered formal and binding notice under the Saudi E-Transactions Law, with such posting deemed sufficient legal notification without requiring actual receipt, and you are responsible for regularly checking for updates, with no obligation on us to provide reminders beyond the initial notice.

8. Contact Us

8.1. If you have any questions or concerns about this Policy or our privacy practices, please contact our Data Protection Officer at info@spotme.sa or +966 533227767, with all communications required to be in writing and electronically signed via the approved email address, and we will respond within 7 business days at our sole discretion, with no liability for delays due to your failure to provide clear, verifiable information.

8.2. All requests or complaints must be in writing and electronically signed via the approved email address, with any supporting evidence (such as screenshots or payment receipts) attached, and we will respond within 7 business days at our sole discretion, with records of communications stored in databases hosted by "Alibaba Cloud" for review or investigation purposes, and we reserve the right to reject requests that are manifestly unfounded, excessive, or repetitive without detailed justification unless mandated by a judicial order.

9. Governing Law and Dispute Resolution

9.1. This Policy and any disputes arising from or relating to it are governed by the laws of the Kingdom of Saudi Arabia, without regard to its conflict of laws provisions, and any legal action or proceeding relating to this Policy or the services must be brought in the Commercial Courts in Riyadh, and you irrevocably consent to the jurisdiction of these courts, with no right to challenge this jurisdiction except by a judicial order from a competent Saudi court, and we retain the right to enforce this jurisdiction without prior notice.

9.2. We may agree to resolve disputes through binding arbitration under the Saudi Arbitration system as per Royal Decree No. (M/34) dated 24/5/1433 AH, if mutually agreed upon in writing via the approved email (info@spotme.sa) before any legal action is taken, with arbitration costs borne by the losing party as determined by the arbitration panel, and you waive any right to appeal this decision except by a judicial order from a competent Saudi court, with no liability on us for arbitration delays or outcomes unless proven by judicial order to be due to our gross negligence.

10. Limitation of Liability

10.1. To the maximum extent permitted by law, Masaha Al-Taqniyat for Information Technology Company does not accept any liability for any direct, indirect, incidental, special, or consequential damages arising from or relating to this Policy or use of the services, including but not limited to loss of profits, data, or goodwill, even if we have been advised of the possibility of such damages, and you waive any right to claim such damages unless proven by judicial order to be due to our willful misconduct, with records of claims stored for audit in Alibaba Cloud-hosted databases.

10.2. Users and partners accept this limitation of liability as part of their use of the Platform, and any claims for compensation outside the scope of these terms are rejected without further explanation from the Company, with records of such claims stored for review or investigation purposes, and we retain the right to enforce this limitation without prior notice, with no obligation to provide detailed justification for rejections unless mandated by a judicial order.

11. Jury Trial Waiver

11.1. You waive your right to a jury trial in any legal action relating to this Policy or the services, and any dispute must be resolved through binding arbitration or the Commercial Courts in Riyadh under Saudi law, with no right to challenge this waiver except by a judicial order from a competent Saudi court, and we retain the right to enforce this waiver without prior notice, with records of waivers stored for audit in Alibaba Cloud-hosted databases.

12. Severability

12.1. If any provision of this Policy is deemed illegal or unenforceable, that provision will be severed, and the remaining provisions will remain in full force and effect, with this severance not affecting the validity of the overall agreement, and parties must adhere to the remaining provisions without objection, with records of this severance stored for review or investigation purposes in Alibaba Cloud-hosted databases, and we retain the right to amend the severed provision without prior notice if legally required.

Language Precedence: These Terms and Conditions are provided in both Arabic and English. In the event of any spelling error or discrepancy between the Arabic and English versions, the Arabic version shall be considered the official and authoritative version, in accordance with Saudi legal standards recognizing Arabic as the official language for contracts and transactions.